(www.aikido.dev)

1369 points universesquid | 2 comments | 08 Sep 25 15:37 UTC | HN request time: 0.558s | source

1. baloki ◴[09 Sep 25 07:36 UTC] No.45178717[source]▶

A package on the list called ‘simple-swizzle’ turns out to be used in OpenNext which is an unexpected attack vector for sure.

replies(1): >>45180289 #

2. yread ◴[09 Sep 25 10:55 UTC] No.45180289[source]▶

> DO. NOT. USE. THIS. PACKAGE

> Used by 9.9m

NPM debug and chalk packages compromised